Bayesian inference with certifiable adversarial robustness
We consider adversarial training of deep neural networks through the lens of Bayesian learning and present a principled framework for adversarial training of Bayesian Neural Networks (BNNs) with certifiable guarantees. We rely on techniques from constraint relaxation of non-convex optimisation probl...
| Glavni autori: | , , , , , |
|---|---|
| Format: | Conference item |
| Jezik: | English |
| Izdano: |
Journal of Machine Learning Research
2021
|
| _version_ | 1826309008957374464 |
|---|---|
| author | Wicker, M Laurenti, L Patane, A Chen, Z Zhang, Z Kwiatkowska, M |
| author_facet | Wicker, M Laurenti, L Patane, A Chen, Z Zhang, Z Kwiatkowska, M |
| author_sort | Wicker, M |
| collection | OXFORD |
| description | We consider adversarial training of deep neural networks through the lens of Bayesian learning and present a principled framework for adversarial training of Bayesian Neural Networks (BNNs) with certifiable guarantees. We rely on techniques from constraint relaxation of non-convex optimisation problems and modify the standard cross-entropy error model to enforce posterior robustness to worst-case perturbations in ϵ−balls around input points. We illustrate how the resulting framework can be combined with methods commonly employed for approximate inference of BNNs. In an empirical investigation, we demonstrate that the presented approach enables training of certifiably robust models on MNIST, FashionMNIST, and CIFAR-10 and can also be beneficial for uncertainty calibration. Our method is the first to directly train certifiable BNNs, thus facilitating their deployment in safety-critical applications. |
| first_indexed | 2024-03-07T07:27:49Z |
| format | Conference item |
| id | oxford-uuid:b9c010c1-7e37-4dd8-aa13-3ca0d9c49f83 |
| institution | University of Oxford |
| language | English |
| last_indexed | 2024-03-07T07:27:49Z |
| publishDate | 2021 |
| publisher | Journal of Machine Learning Research |
| record_format | dspace |
| spelling | oxford-uuid:b9c010c1-7e37-4dd8-aa13-3ca0d9c49f832022-12-01T17:09:27ZBayesian inference with certifiable adversarial robustnessConference itemhttp://purl.org/coar/resource_type/c_5794uuid:b9c010c1-7e37-4dd8-aa13-3ca0d9c49f83EnglishSymplectic ElementsJournal of Machine Learning Research2021Wicker, MLaurenti, LPatane, AChen, ZZhang, ZKwiatkowska, MWe consider adversarial training of deep neural networks through the lens of Bayesian learning and present a principled framework for adversarial training of Bayesian Neural Networks (BNNs) with certifiable guarantees. We rely on techniques from constraint relaxation of non-convex optimisation problems and modify the standard cross-entropy error model to enforce posterior robustness to worst-case perturbations in ϵ−balls around input points. We illustrate how the resulting framework can be combined with methods commonly employed for approximate inference of BNNs. In an empirical investigation, we demonstrate that the presented approach enables training of certifiably robust models on MNIST, FashionMNIST, and CIFAR-10 and can also be beneficial for uncertainty calibration. Our method is the first to directly train certifiable BNNs, thus facilitating their deployment in safety-critical applications. |
| spellingShingle | Wicker, M Laurenti, L Patane, A Chen, Z Zhang, Z Kwiatkowska, M Bayesian inference with certifiable adversarial robustness |
| title | Bayesian inference with certifiable adversarial robustness |
| title_full | Bayesian inference with certifiable adversarial robustness |
| title_fullStr | Bayesian inference with certifiable adversarial robustness |
| title_full_unstemmed | Bayesian inference with certifiable adversarial robustness |
| title_short | Bayesian inference with certifiable adversarial robustness |
| title_sort | bayesian inference with certifiable adversarial robustness |
| work_keys_str_mv | AT wickerm bayesianinferencewithcertifiableadversarialrobustness AT laurentil bayesianinferencewithcertifiableadversarialrobustness AT patanea bayesianinferencewithcertifiableadversarialrobustness AT chenz bayesianinferencewithcertifiableadversarialrobustness AT zhangz bayesianinferencewithcertifiableadversarialrobustness AT kwiatkowskam bayesianinferencewithcertifiableadversarialrobustness |